One of the most popular content management systems in use on modern websites is WordPress, found on more than 60 million websites around the world.
WordPress has been in the news recently as the subject of a large-scale attack from a huge number of computers from across the internet. This automated botnet attack was attempting to take over servers that run WordPress websites.
Many experts believe that this current attack is a relatively small-scale version of a botnet that will infect computers in the future. The next attack may be vastly stronger and more destructive than what we have seen recently, running on servers that have bandwidth connections that are hundreds or even thousands of times faster than machines in homes and small businesses.
The enormous popularity of WordPress shows its vulnerability in a situation like this: a result of its ease of use is weak security by users.
This typically means that users continue to use the word ‘admin’ as a user name, as this is the default administration account that’s created when you first install WordPress.
Weak passwords may be guessed by the ‘brute force’ attack of a botnet, able to try vast numbers of password combinations in a short space of time.
For the moment every WordPress user should disable the default ‘admin’ account in their installation, and replace it with something else. This may take you out of the immediate danger from the current attackers.
To create a strong password you need to use at least ten characters with a combination of upper and lower case letters along with some numbers and even some extended characters.
The recent attack serves as a reminder to everyone that security for your WordPress blog or website is something you do need to continue to work on.
What follows is Irish Web Design’s advice on what you can do to make your site more secure. These actions will help to deter such attacks in the future.
Update to the latest WordPress (currently version 3.5.1)
If there is an administrative user called ‘admin’:
Create a new account with a different name, unconnected with the name of your website. Give it administrative privileges.
Give it a strong password you have never used before.
Write these details down in at least two different places.
Sign out of the account.
Sign in as the new user.
Delete the old ‘admin’ user account.
During this procedure, you’ll be asked which account the posts created by ‘admin’ should be assigned to.
Choose the new account name you just created.
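The account-name and password rules given above, written as checks you can run on a proposed administrator account before you create it. This is an added example, not code from Irish Web Design or from WordPress; the function names, the symbol set, the site-name heuristic and the site name ‘Example Bakery’ used to try it out are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 10  # the article's minimum password length
SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"  # assumed set of "extended" characters


def password_problems(password):
    """Return the article's password rules that `password` fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if all(c.isalnum() for c in password):
        problems.append("no extended character")
    return problems


def username_problems(username, site_name):
    """Flag the default 'admin' name and names connected with the site name."""
    problems = []
    flat = "".join(c for c in username.lower() if c.isalnum())
    site = "".join(c for c in site_name.lower() if c.isalnum())
    if username.lower() == "admin":
        problems.append("default 'admin' user name")
    # Heuristic (assumption): either name contained in the other counts as connected.
    if site and (site in flat or (len(flat) >= 4 and flat in site)):
        problems.append("connected with the site name")
    return problems


def generate_password(length=16):
    """Draw random passwords from the OS CSPRNG until one passes every rule."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate):
            return candidate
```

An empty list from both checks means the proposed account follows the rules above; generate_password() gives you a password that has never been used before.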
You should also enable ‘two-step verification’ for each user in your WordPress account. As this is a more complex process with additional implications, we will carry an article on the subject in the near future.
Irish Web Design would also recommend changing all passwords connected with access to the site, server and database on a regular basis.
As a matter of course Irish Web Design also recommend that all users should install a number of security programmes on all WordPress websites to prevent them being hacked.
In our view, if you adhere to minimum standards of security for your WordPress site it will give you a good level of security and will make it more difficult to hack into your site.
Don’t let the spammers, hackers or botnets destroy your presence on the web. Your site or blog can be secure with a little thought and effort.
Title of article: Protect Your WordPress Website published by Irish Web Design